@remnic/core 9.3.685 → 9.3.686
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access-boundary.d.ts +2 -2
- package/dist/access-boundary.js +2 -2
- package/dist/access-cli.js +88 -7
- package/dist/access-cli.js.map +1 -1
- package/dist/access-http.d.ts +1 -1
- package/dist/access-http.js +5 -5
- package/dist/access-mcp.d.ts +12 -2
- package/dist/access-mcp.js +4 -4
- package/dist/access-operations.d.ts +8 -3
- package/dist/access-operations.js +5 -3
- package/dist/access-schema.d.ts +4 -4
- package/dist/{access-service-DeKrlYU_.d.ts → access-service-DmCHJ4cH.d.ts} +105 -29
- package/dist/access-service.d.ts +1 -1
- package/dist/access-service.js +1 -1
- package/dist/access-surface-catalog.d.ts +1 -1
- package/dist/access-surface-catalog.js +2 -0
- package/dist/access-surface-catalog.js.map +1 -1
- package/dist/{chunk-OFUULUSY.js → chunk-473JIN2U.js} +56 -5
- package/dist/chunk-473JIN2U.js.map +1 -0
- package/dist/{chunk-SQGPGC76.js → chunk-FUCUR2OZ.js} +540 -43
- package/dist/chunk-FUCUR2OZ.js.map +1 -0
- package/dist/{chunk-IIDSFFE5.js → chunk-KFBOZYME.js} +42 -3
- package/dist/chunk-KFBOZYME.js.map +1 -0
- package/dist/{chunk-PK6RGRSD.js → chunk-NN7QYW5W.js} +2 -2
- package/dist/chunk-NN7QYW5W.js.map +1 -0
- package/dist/{chunk-JPCKLFWK.js → chunk-QVMXQGT7.js} +6 -5
- package/dist/chunk-QVMXQGT7.js.map +1 -0
- package/dist/{chunk-BZISAF67.js → chunk-S2OU5DZY.js} +28 -6
- package/dist/chunk-S2OU5DZY.js.map +1 -0
- package/dist/{cli-D3-Q5Uod.d.ts → cli-D8nZ2MPH.d.ts} +1 -1
- package/dist/cli.d.ts +2 -2
- package/dist/cli.js +6 -6
- package/dist/index.d.ts +2 -2
- package/dist/index.js +6 -6
- package/dist/mcp-memory-inspector-app.d.ts +1 -1
- package/dist/schemas.d.ts +38 -38
- package/dist/transfer/types.d.ts +22 -22
- package/package.json +2 -2
- package/src/access-boundary.ts +2 -1
- package/src/access-cli.ts +94 -4
- package/src/access-http.ts +39 -1
- package/src/access-mcp.ts +54 -1
- package/src/access-operations.ts +66 -0
- package/src/access-service.ts +147 -62
- package/src/access-surface-catalog.test.ts +1 -1
- package/src/access-surface-catalog.ts +2 -0
- package/src/cli.ts +1 -0
- package/src/coding/decision-surfaces.test.ts +279 -0
- package/src/coding/decision-surfaces.ts +475 -0
- package/dist/chunk-BZISAF67.js.map +0 -1
- package/dist/chunk-IIDSFFE5.js.map +0 -1
- package/dist/chunk-JPCKLFWK.js.map +0 -1
- package/dist/chunk-OFUULUSY.js.map +0 -1
- package/dist/chunk-PK6RGRSD.js.map +0 -1
- package/dist/chunk-SQGPGC76.js.map +0 -1
|
@@ -3,7 +3,10 @@ import {
|
|
|
3
3
|
} from "./chunk-UDJLF3BO.js";
|
|
4
4
|
import {
|
|
5
5
|
defineOperation
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-NN7QYW5W.js";
|
|
7
|
+
import {
|
|
8
|
+
DECISION_SUBCOMMANDS
|
|
9
|
+
} from "./chunk-FUCUR2OZ.js";
|
|
7
10
|
|
|
8
11
|
// src/access-operations.ts
|
|
9
12
|
import { z } from "zod";
|
|
@@ -70,16 +73,52 @@ var memoryStoreOperation = defineOperation({
|
|
|
70
73
|
return { result };
|
|
71
74
|
}
|
|
72
75
|
});
|
|
76
|
+
var codingDecisionSchema = z.preprocess(
|
|
77
|
+
(data) => {
|
|
78
|
+
if (data && typeof data === "object" && !Array.isArray(data)) {
|
|
79
|
+
const out = {};
|
|
80
|
+
for (const [k, v] of Object.entries(data)) {
|
|
81
|
+
if (v !== null) out[k] = v;
|
|
82
|
+
}
|
|
83
|
+
return out;
|
|
84
|
+
}
|
|
85
|
+
return data;
|
|
86
|
+
},
|
|
87
|
+
z.object({
|
|
88
|
+
subcommand: z.enum(DECISION_SUBCOMMANDS),
|
|
89
|
+
sessionKey: z.string().trim().max(512).optional(),
|
|
90
|
+
namespace: z.string().trim().max(256).optional(),
|
|
91
|
+
id: z.string().trim().max(512).optional(),
|
|
92
|
+
title: z.string().trim().max(512).optional(),
|
|
93
|
+
status: z.string().trim().max(64).optional(),
|
|
94
|
+
context: z.string().trim().max(8192).optional(),
|
|
95
|
+
decision: z.string().trim().max(8192).optional(),
|
|
96
|
+
consequences: z.string().trim().max(8192).optional(),
|
|
97
|
+
entityRefs: z.array(z.string().trim().min(1).max(256)).optional(),
|
|
98
|
+
supersedesId: z.string().trim().max(512).optional()
|
|
99
|
+
})
|
|
100
|
+
);
|
|
101
|
+
var codingDecisionOperation = defineOperation({
|
|
102
|
+
name: "coding_decision",
|
|
103
|
+
description: "List, get, record, or supersede decision records in the session's coding namespace (issue #1548 Track A).",
|
|
104
|
+
schema: codingDecisionSchema,
|
|
105
|
+
handler: async (input, ctx) => {
|
|
106
|
+
const result = await ctx.service.codingDecision(input, ctx.authenticatedPrincipal);
|
|
107
|
+
return { result };
|
|
108
|
+
}
|
|
109
|
+
});
|
|
73
110
|
var REGISTERED_OPERATIONS = [
|
|
74
111
|
memoryGetOperation.spec.name,
|
|
75
112
|
memorySearchOperation.spec.name,
|
|
76
|
-
memoryStoreOperation.spec.name
|
|
113
|
+
memoryStoreOperation.spec.name,
|
|
114
|
+
codingDecisionOperation.spec.name
|
|
77
115
|
];
|
|
78
116
|
|
|
79
117
|
export {
|
|
80
118
|
memoryGetOperation,
|
|
81
119
|
memorySearchOperation,
|
|
82
120
|
memoryStoreOperation,
|
|
121
|
+
codingDecisionOperation,
|
|
83
122
|
REGISTERED_OPERATIONS
|
|
84
123
|
};
|
|
85
|
-
//# sourceMappingURL=chunk-
|
|
124
|
+
//# sourceMappingURL=chunk-KFBOZYME.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/access-operations.ts"],"sourcesContent":["/**\n * Pilot operation definitions for the access boundary (issue #1525).\n *\n * Three operations migrate through the registry in this PR — `memory_get`,\n * `memory_search`, and the `memory_store` write op — so the boundary's\n * normalization matrix (rules 17/28/36/48/51) and shared error mapping reach\n * MCP, HTTP, and CLI from one place. Domain-group migrations (memory ops →\n * connectors → namespaces …) land as follow-up PRs that add `defineOperation`\n * calls here and delete the surface-local validation they replace.\n *\n * Importing this module for its side effects registers the pilot operations;\n * surfaces then dispatch via {@link getOperation} from `./access-boundary.js`.\n */\n\nimport { z } from \"zod\";\n\nimport { defineOperation } from \"./access-boundary.js\";\nimport { memoryStoreRequestSchema, type MemoryStoreRequest } from \"./access-schema.js\";\nimport type {\n EngramAccessMemoryResponse,\n EngramAccessWriteResponse,\n} from \"./access-service.js\";\nimport {\n DECISION_SUBCOMMANDS,\n type DecisionSurfaceRequest,\n type DecisionSurfaceResponse,\n} from \"./coding/decision-surfaces.js\";\n\n// ---------------------------------------------------------------------------\n// memory_get — fetch one memory by id\n// ---------------------------------------------------------------------------\n\n/**\n * `memoryId` is required and non-empty (rule 51: the MCP dispatcher previously\n * fell back to `typeof args.memoryId === \"string\" ? args.memoryId : \"\"`,\n * silently passing an empty id into the service). `namespace` is\n * `.nullable().optional()` because MCP clients send `null` (gotcha #2).\n * `namespace` has no `.min(1)` because the pre-boundary handlers forwarded\n * empty/whitespace strings, and `resolveNamespace` treats empty identically\n * to absent (both trim to falsy → default namespace). Rejecting empty would\n * break HTTP callers that send a bare `?namespace=` (Cursor review).\n */\nconst memoryGetSchema = z.object({\n memoryId: z.string().trim().min(1, \"memoryId is required\").max(512),\n namespace: z.string().trim().max(256).nullable().optional(),\n});\n\nexport interface MemoryGetInput {\n readonly memoryId: string;\n readonly namespace?: string | null;\n}\n\nexport interface MemoryGetOutput {\n readonly result: EngramAccessMemoryResponse;\n}\n\nexport const memoryGetOperation = defineOperation<MemoryGetInput, MemoryGetOutput>({\n name: \"memory_get\",\n description: \"Fetch one memory by id.\",\n schema: memoryGetSchema,\n handler: async (input, ctx) => {\n const result = await ctx.service.memoryGet(\n input.memoryId,\n input.namespace ?? undefined,\n ctx.authenticatedPrincipal,\n );\n return { result };\n },\n});\n\n// ---------------------------------------------------------------------------\n// memory_search — semantic search across memories\n// ---------------------------------------------------------------------------\n\nconst memorySearchSchema = z.object({\n query: z.string().trim().min(1, \"query is required\").max(2048),\n namespace: z.string().trim().max(256).nullable().optional(),\n // No upper cap: the pre-boundary MCP handler forwarded any finite number to\n // memorySearch, and the QMD/search backends honor large limits. Capping at\n // 100 would reject existing clients that request larger result sets.\n maxResults: z.number().int().min(1).nullable().optional(),\n collection: z.string().trim().min(1).max(256).nullable().optional(),\n});\n\nexport interface MemorySearchInput {\n readonly query: string;\n readonly namespace?: string | null;\n readonly maxResults?: number | null;\n readonly collection?: string | null;\n}\n\nexport interface MemorySearchOutput {\n readonly result: {\n readonly query: string;\n readonly results: ReadonlyArray<{ path: string; score: number; snippet: string }>;\n readonly count: number;\n };\n}\n\nexport const memorySearchOperation = defineOperation<MemorySearchInput, MemorySearchOutput>({\n name: \"memory_search\",\n description: \"Search memories across readable namespaces.\",\n schema: memorySearchSchema,\n handler: async (input, ctx) => {\n const result = await ctx.service.memorySearch({\n query: input.query,\n namespace: input.namespace ?? undefined,\n maxResults: input.maxResults ?? undefined,\n collection: input.collection ?? undefined,\n principal: ctx.authenticatedPrincipal,\n });\n return { result };\n },\n});\n\n// ---------------------------------------------------------------------------\n// memory_store — the pilot WRITE op\n// ---------------------------------------------------------------------------\n\nexport type MemoryStoreInput = MemoryStoreRequest;\n\nexport interface MemoryStoreOutput {\n readonly result: EngramAccessWriteResponse;\n}\n\nexport const memoryStoreOperation = defineOperation<MemoryStoreInput, MemoryStoreOutput>({\n name: \"memory_store\",\n description: \"Store an explicit memory through the access layer.\",\n // Reuse the existing schema verbatim — the migration is behavior-preserving;\n // the schema's external contract is NOT changing in this PR (per the issue's\n // pitfall note).\n schema: memoryStoreRequestSchema,\n handler: async (input, ctx) => {\n const result = await ctx.service.memoryStore(\n {\n ...input,\n authenticatedPrincipal: ctx.authenticatedPrincipal,\n },\n // Forward transport-level hooks (e.g. HTTP's atomic write-quota gate)\n // so the hook still fires inside the service's idempotent-write lock —\n // never before, never on a replay (#1434 invariant preserved by the\n // boundary migration).\n\n ctx.hooks,\n );\n return { result };\n },\n});\n\n// ---------------------------------------------------------------------------\n// coding_decision — decision-record surfaces (issue #1548 Track A PR 2)\n// ---------------------------------------------------------------------------\n\n/**\n * The subcommand field is required and MUST be one of the four valid values\n * (rule 51 — reject loudly, list the options, never silently default). The\n * remaining fields are optional because each subcommand uses a different\n * subset; the handler validates subcommand-specific requirements after\n * routing.\n */\n/**\n * MCP clients send `null` for absent optional fields. Zod `.optional()`\n * rejects `null`, so strip nulls at the object level before the inner\n * schema validates (review: cursor null-field thread).\n */\nconst codingDecisionSchema = z.preprocess(\n (data) => {\n if (data && typeof data === \"object\" && !Array.isArray(data)) {\n const out: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(data as Record<string, unknown>)) {\n if (v !== null) out[k] = v;\n }\n return out;\n }\n return data;\n },\n z.object({\n subcommand: z.enum(DECISION_SUBCOMMANDS),\n sessionKey: z.string().trim().max(512).optional(),\n namespace: z.string().trim().max(256).optional(),\n id: z.string().trim().max(512).optional(),\n title: z.string().trim().max(512).optional(),\n status: z.string().trim().max(64).optional(),\n context: z.string().trim().max(8192).optional(),\n decision: z.string().trim().max(8192).optional(),\n consequences: z.string().trim().max(8192).optional(),\n entityRefs: z.array(z.string().trim().min(1).max(256)).optional(),\n supersedesId: z.string().trim().max(512).optional(),\n }),\n);\n\nexport type CodingDecisionInput = DecisionSurfaceRequest;\nexport type CodingDecisionOutput = { result: DecisionSurfaceResponse };\n\nexport const codingDecisionOperation = defineOperation<\n CodingDecisionInput,\n CodingDecisionOutput\n>({\n name: \"coding_decision\",\n description:\n \"List, get, record, or supersede decision records in the session's coding namespace (issue #1548 Track A).\",\n schema: codingDecisionSchema as z.ZodType<CodingDecisionInput>,\n handler: async (input, ctx) => {\n const result = await ctx.service.codingDecision(input, ctx.authenticatedPrincipal);\n return { result };\n },\n});\n\n// ---------------------------------------------------------------------------\n// Surface registration map — what each transport calls the pilot ops\n// ---------------------------------------------------------------------------\n\n/**\n * The canonical short names (no `engram.`/`remnic.` prefix) of the operations\n * the boundary owns today. The fitness test treats this set as the migrated\n * set; everything else on a surface is unmigrated and counted by the ratchet.\n */\nexport const REGISTERED_OPERATIONS = [\n memoryGetOperation.spec.name,\n memorySearchOperation.spec.name,\n memoryStoreOperation.spec.name,\n codingDecisionOperation.spec.name,\n] as const;\n"],"mappings":";;;;;;;;;;;AAcA,SAAS,SAAS;AA4BlB,IAAM,kBAAkB,EAAE,OAAO;AAAA,EAC/B,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,sBAAsB,EAAE,IAAI,GAAG;AAAA,EAClE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAC5D,CAAC;AAWM,IAAM,qBAAqB,gBAAiD;AAAA,EACjF,MAAM;AAAA,EACN,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS,OAAO,OAAO,QAAQ;AAC7B,UAAM,SAAS,MAAM,IAAI,QAAQ;AAAA,MAC/B,MAAM;AAAA,MACN,MAAM,aAAa;AAAA,MACnB,IAAI;AAAA,IACN;AACA,WAAO,EAAE,OAAO;AAAA,EAClB;AACF,CAAC;AAMD,IAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,mBAAmB,EAAE,IAAI,IAAI;AAAA,EAC7D,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,EAI1D,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AACpE,CAAC;AAiBM,IAAM,wBAAwB,gBAAuD;AAAA,EAC1F,MAAM;AAAA,EACN,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS,OAAO,OAAO,QAAQ;AAC7B,UAAM,SAAS,MAAM,IAAI,QAAQ,aAAa;AAAA,MAC5C,OAAO,MAAM;AAAA,MACb,WAAW,MAAM,aAAa;AAAA,MAC9B,YAAY,MAAM,cAAc;AAAA,MAChC,YAAY,MAAM,cAAc;AAAA,MAChC,WAAW,IAAI;AAAA,IACjB,CAAC;AACD,WAAO,EAAE,OAAO;AAAA,EAClB;AACF,CAAC;AAYM,IAAM,uBAAuB,gBAAqD;AAAA,EACvF,MAAM;AAAA,EACN,aAAa;AAAA;AAAA;AAAA;AAAA,EAIb,QAAQ;AAAA,EACR,SAAS,OAAO,OAAO,QAAQ;AAC7B,UAAM,SAAS,MAAM,IAAI,QAAQ;AAAA,MAC/B;AAAA,QACE,GAAG;AAAA,QACH,wBAAwB,IAAI;AAAA,MAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA,IAAI;AAAA,IACN;AACA,WAAO,EAAE,OAAO;AAAA,EAClB;AACF,CAAC;AAkBD,IAAM,uBAAuB,EAAE;AAAA,EAC7B,CAAC,SAAS;AACR,QAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,GAAG;AAC5D,YAAM,MAA+B,CAAC;AACtC,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,IAA+B,GAAG;AACpE,YAAI,MAAM,KAAM,KAAI,CAAC,IAAI;AAAA,MAC3B;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EACA,EAAE,OAAO;AAAA,IACP,YAAY,EAAE,KAAK,oBAAoB;AAAA,IACvC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IAChD,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IAC/C,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IAC3C,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,SAAS;AAAA,IAC3C,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,SAAS;AAAA,IAC9C,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,SAAS;AAAA,IAC/C,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,SAAS;AAAA,IACnD,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,SAAS;AAAA,IAChE,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EACpD,CAAC;AACH;AAKO,IAAM,0BAA0B,gBAGrC;AAAA,EACA,MAAM;AAAA,EACN,aACE;AAAA,EACF,QAAQ;AAAA,EACR,SAAS,OAAO,OAAO,QAAQ;AAC7B,UAAM,SAAS,MAAM,IAAI,QAAQ,eAAe,OAAO,IAAI,sBAAsB;AACjF,WAAO,EAAE,OAAO;AAAA,EAClB;AACF,CAAC;AAWM,IAAM,wBAAwB;AAAA,EACnC,mBAAmB,KAAK;AAAA,EACxB,sBAAsB,KAAK;AAAA,EAC3B,qBAAqB,KAAK;AAAA,EAC1B,wBAAwB,KAAK;AAC/B;","names":[]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
EngramAccessInputError
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-FUCUR2OZ.js";
|
|
4
4
|
import {
|
|
5
5
|
expandTildePath
|
|
6
6
|
} from "./chunk-EYIEWJNI.js";
|
|
@@ -104,4 +104,4 @@ export {
|
|
|
104
104
|
listRegisteredOperations,
|
|
105
105
|
__resetRegistryForTest
|
|
106
106
|
};
|
|
107
|
-
//# sourceMappingURL=chunk-
|
|
107
|
+
//# sourceMappingURL=chunk-NN7QYW5W.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/access-boundary.ts"],"sourcesContent":["/**\n * Single input-validation and error boundary for the CLI/MCP/HTTP access\n * surfaces (issue #1525, epic #1520 Phase 1).\n *\n * Every operation that crosses the access-service facade passes through ONE\n * registry entry: a zod-validated request envelope, a shared error mapper,\n * and the \"reject invalid input and list valid options\" behavior that\n * CLAUDE.md rules 14/17/24/28/36/48/51 previously had to be re-implemented\n * per handler. The three surfaces become thin adapters — one operation\n * definition, three transports — so a validation fix lands everywhere at\n * once.\n *\n * Host-agnostic (rule 31): operation names carry no `openclaw-*`/`engram-*`\n * prefix. Session/namespace tenancy stays in the handler layer (resolved via\n * ScopePlan #1521); the boundary validates SHAPE, not tenancy.\n */\n\nimport { z } from \"zod\";\nimport { EngramAccessInputError, type EngramAccessService } from \"./access-service.js\";\nimport { expandTildePath } from \"./utils/path.js\";\n\n// ---------------------------------------------------------------------------\n// Canonical operation names — host-agnostic (rule 31)\n// ---------------------------------------------------------------------------\n\n/**\n * Canonical operation ids. One id is shared by the MCP tool, the HTTP route,\n * and the CLI command that expose the same operation. Add to this union as\n * each domain-group migration PR (memory ops → connectors → namespaces …)\n * lands; the fitness test in `access-surface-catalog.test.ts` treats the\n * registered set as the migration state.\n */\nexport type OperationName =\n | \"memory_get\"\n | \"memory_search\"\n | \"memory_store\"\n | \"coding_decision\";\n\n// ---------------------------------------------------------------------------\n// Operation context — what every handler receives\n// ---------------------------------------------------------------------------\n\n/**\n * Per-call context. `service` is the facade the handler delegates to; the\n * boundary never reaches past it. `authenticatedPrincipal` is resolved by\n * the SURFACE (MCP header / HTTP identity / CLI flag) before the boundary\n * runs, so handlers stay principal-source-agnostic. `hooks` carries\n * transport-level callbacks (e.g. HTTP write-quota enforcement) that must\n * fire atomically inside the service call; surfaces that have no such hook\n * leave it undefined.\n */\nexport interface OperationContext {\n readonly service: EngramAccessService;\n readonly authenticatedPrincipal?: string;\n readonly hooks?: OperationHooks;\n}\n\n/**\n * Transport-level callbacks a handler forwards into the service call. Kept\n * narrow on purpose: the boundary owns validation + dispatch shape, not\n * transport policy. Add fields here only when a surface genuinely needs a\n * callback the service itself consumes.\n */\nexport interface OperationHooks {\n /** HTTP write-quota gate; throws to reject the write when exhausted. */\n readonly enforceWriteQuota?: () => void | Promise<void>;\n}\n\n// ---------------------------------------------------------------------------\n// Operation spec + bound operation\n// ---------------------------------------------------------------------------\n\nexport interface OperationSpec<In, Out> {\n /** Canonical operation id; matches an {@link OperationName}. */\n readonly name: OperationName;\n readonly description: string;\n /** Zod schema validating the raw request envelope. */\n readonly schema: z.ZodType<In>;\n /** Handler invoked with the parsed input; throws EngramAccessInputError for domain faults. */\n readonly handler: (input: In, ctx: OperationContext) => Promise<Out>;\n}\n\nexport interface BoundOperation<In = unknown, Out = unknown> {\n readonly spec: OperationSpec<In, Out>;\n /** Validate the raw envelope, then invoke the handler. Throws EngramAccessInputError on any validation failure. */\n readonly run: (rawInput: unknown, ctx: OperationContext) => Promise<Out>;\n}\n\n// ---------------------------------------------------------------------------\n// Shared normalizers the boundary owns (rules 17, 28, 36, 48, 51)\n// ---------------------------------------------------------------------------\n\n/**\n * Coerce boolean-like strings at the edge (rule 36). Accepts actual booleans\n * and the string spellings clients send (\"true\"/\"false\"/\"1\"/\"0\"/\"yes\"/\"no\"/\n * \"on\"/\"off\", case-insensitive). Rejects anything else loudly — `Boolean(\"false\")`\n * would silently be `true`, which is the bug rule 36 exists to prevent.\n *\n * `undefined`/`null`/`\"\"` → `undefined`, so callers can keep treating an\n * absent flag as \"use the default\" without a separate presence check.\n */\nexport function coerceBooleanLike(value: unknown): boolean | undefined {\n if (value === undefined || value === null || value === \"\") return undefined;\n if (typeof value === \"boolean\") return value;\n if (typeof value === \"string\") {\n const lower = value.trim().toLowerCase();\n if (lower === \"true\" || lower === \"1\" || lower === \"yes\" || lower === \"on\") return true;\n if (lower === \"false\" || lower === \"0\" || lower === \"no\" || lower === \"off\") return false;\n }\n throw new EngramAccessInputError(\n `expected a boolean-like value (true|false|1|0|yes|no|on|off); got ${JSON.stringify(value)}`,\n );\n}\n\n/**\n * Coerce + validate a positive integer from a numeric string or number\n * (rule 28). Loosely-typed MCP/CLI clients send `\"5\"`; `typeof saved === \"number\"`\n * on read-back would reject it later, so we coerce at the edge and reject\n * booleans/objects loudly (`Number(true) === 1` would silently pass otherwise).\n *\n * `undefined`/`null`/`\"\"` → `undefined`.\n */\nexport function coercePositiveInteger(value: unknown, label: string): number | undefined {\n if (value === undefined || value === null || value === \"\") return undefined;\n if (typeof value === \"number\") {\n if (!Number.isFinite(value) || value <= 0 || !Number.isInteger(value)) {\n throw new EngramAccessInputError(`${label} expects a positive integer; got ${JSON.stringify(value)}`);\n }\n return value;\n }\n if (typeof value === \"string\") {\n const trimmed = value.trim();\n if (!/^[+-]?\\d+$/.test(trimmed)) {\n throw new EngramAccessInputError(`${label} expects a positive integer; got ${JSON.stringify(value)}`);\n }\n const parsed = Number(trimmed);\n if (!Number.isSafeInteger(parsed) || parsed <= 0) {\n throw new EngramAccessInputError(`${label} expects a positive integer; got ${JSON.stringify(value)}`);\n }\n return parsed;\n }\n throw new EngramAccessInputError(`${label} expects a positive integer; got ${JSON.stringify(value)}`);\n}\n\n/**\n * Expand `~` in a path-shaped input (rule 17). Node `fs` does NOT expand `~`;\n * ad-hoc regex drifts. `undefined`/`null`/`\"\"` → `undefined`.\n */\nexport function normalizeOptionalPath(value: unknown): string | undefined {\n if (value === undefined || value === null || value === \"\") return undefined;\n if (typeof value !== \"string\") {\n throw new EngramAccessInputError(`expected a path string; got ${JSON.stringify(value)}`);\n }\n return expandTildePath(value);\n}\n\n// ---------------------------------------------------------------------------\n// Error formatting — rule 51: list valid options, never silently default\n// ---------------------------------------------------------------------------\n\n/**\n * Turn a zod failure into an {@link EngramAccessInputError} whose message\n * names the offending field and — for enum/union issues — lists the valid\n * options, so the caller can correct rather than guess (rule 51).\n */\nexport function formatZodIssues(error: z.ZodError): string {\n const parts: string[] = [];\n for (const issue of error.issues) {\n const path = issue.path.length > 0 ? issue.path.join(\".\") : \"(root)\";\n const options = enumOptionsFromIssue(issue);\n const suffix = options ? `. Valid: ${options.join(\", \")}` : \"\";\n parts.push(`${path}: ${issue.message}${suffix}`);\n }\n return parts.length > 0\n ? `request validation failed: ${parts.join(\"; \")}`\n : \"request validation failed\";\n}\n\nfunction enumOptionsFromIssue(issue: z.ZodIssue): readonly string[] | undefined {\n // zod exposes accepted enum values on the issue for ZodEnum / ZodNativeEnum\n // and on the options of invalid_union discriminators. Reading them here\n // keeps \"list valid options\" in ONE place rather than per handler.\n if (issue.code === z.ZodIssueCode.invalid_enum_value) {\n const rawOptions = (issue as { options?: unknown }).options;\n if (Array.isArray(rawOptions)) {\n return rawOptions.map((opt) => String(opt));\n }\n }\n return undefined;\n}\n\n// ---------------------------------------------------------------------------\n// Registry\n// ---------------------------------------------------------------------------\n\nconst registry = new Map<OperationName, BoundOperation>();\n\n/**\n * Register an operation. Throws if the name is already registered — duplicate\n * registration is a programming error, not a runtime input fault, so it throws\n * a plain Error (not the input-error class surfaces translate for clients).\n */\nexport function defineOperation<In, Out>(spec: OperationSpec<In, Out>): BoundOperation<In, Out> {\n if (registry.has(spec.name)) {\n throw new Error(`access-boundary: operation already registered: ${spec.name}`);\n }\n const bound: BoundOperation<In, Out> = {\n spec,\n run: async (rawInput, ctx) => {\n const parseResult = spec.schema.safeParse(rawInput);\n if (!parseResult.success) {\n throw new EngramAccessInputError(formatZodIssues(parseResult.error));\n }\n return spec.handler(parseResult.data, ctx);\n },\n };\n // Store under the canonical name; the cast is safe because In/Out are\n // erased at the registry boundary and recovered by callers via getOperation.\n registry.set(spec.name, bound as unknown as BoundOperation);\n return bound;\n}\n\n/** Look up a registered operation by canonical name. */\nexport function getOperation(name: OperationName): BoundOperation | undefined {\n return registry.get(name);\n}\n\n/** All registered operation names. */\nexport function listRegisteredOperations(): readonly OperationName[] {\n return [...registry.keys()];\n}\n\n/** Test-only: clear the registry so pilot definitions can be re-registered. */\nexport function __resetRegistryForTest(): void {\n registry.clear();\n}\n"],"mappings":";;;;;;;;AAiBA,SAAS,SAAS;AAoFX,SAAS,kBAAkB,OAAqC;AACrE,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,MAAI,OAAO,UAAU,UAAW,QAAO;AACvC,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,QAAQ,MAAM,KAAK,EAAE,YAAY;AACvC,QAAI,UAAU,UAAU,UAAU,OAAO,UAAU,SAAS,UAAU,KAAM,QAAO;AACnF,QAAI,UAAU,WAAW,UAAU,OAAO,UAAU,QAAQ,UAAU,MAAO,QAAO;AAAA,EACtF;AACA,QAAM,IAAI;AAAA,IACR,qEAAqE,KAAK,UAAU,KAAK,CAAC;AAAA,EAC5F;AACF;AAUO,SAAS,sBAAsB,OAAgB,OAAmC;AACvF,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,KAAK,SAAS,KAAK,CAAC,OAAO,UAAU,KAAK,GAAG;AACrE,YAAM,IAAI,uBAAuB,GAAG,KAAK,oCAAoC,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,IACtG;AACA,WAAO;AAAA,EACT;AACA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,QAAI,CAAC,aAAa,KAAK,OAAO,GAAG;AAC/B,YAAM,IAAI,uBAAuB,GAAG,KAAK,oCAAoC,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,IACtG;AACA,UAAM,SAAS,OAAO,OAAO;AAC7B,QAAI,CAAC,OAAO,cAAc,MAAM,KAAK,UAAU,GAAG;AAChD,YAAM,IAAI,uBAAuB,GAAG,KAAK,oCAAoC,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,IACtG;AACA,WAAO;AAAA,EACT;AACA,QAAM,IAAI,uBAAuB,GAAG,KAAK,oCAAoC,KAAK,UAAU,KAAK,CAAC,EAAE;AACtG;AAMO,SAAS,sBAAsB,OAAoC;AACxE,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,IAAI,uBAAuB,+BAA+B,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,EACzF;AACA,SAAO,gBAAgB,KAAK;AAC9B;AAWO,SAAS,gBAAgB,OAA2B;AACzD,QAAM,QAAkB,CAAC;AACzB,aAAW,SAAS,MAAM,QAAQ;AAChC,UAAM,OAAO,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAC5D,UAAM,UAAU,qBAAqB,KAAK;AAC1C,UAAM,SAAS,UAAU,YAAY,QAAQ,KAAK,IAAI,CAAC,KAAK;AAC5D,UAAM,KAAK,GAAG,IAAI,KAAK,MAAM,OAAO,GAAG,MAAM,EAAE;AAAA,EACjD;AACA,SAAO,MAAM,SAAS,IAClB,8BAA8B,MAAM,KAAK,IAAI,CAAC,KAC9C;AACN;AAEA,SAAS,qBAAqB,OAAkD;AAI9E,MAAI,MAAM,SAAS,EAAE,aAAa,oBAAoB;AACpD,UAAM,aAAc,MAAgC;AACpD,QAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,aAAO,WAAW,IAAI,CAAC,QAAQ,OAAO,GAAG,CAAC;AAAA,IAC5C;AAAA,EACF;AACA,SAAO;AACT;AAMA,IAAM,WAAW,oBAAI,IAAmC;AAOjD,SAAS,gBAAyB,MAAuD;AAC9F,MAAI,SAAS,IAAI,KAAK,IAAI,GAAG;AAC3B,UAAM,IAAI,MAAM,kDAAkD,KAAK,IAAI,EAAE;AAAA,EAC/E;AACA,QAAM,QAAiC;AAAA,IACrC;AAAA,IACA,KAAK,OAAO,UAAU,QAAQ;AAC5B,YAAM,cAAc,KAAK,OAAO,UAAU,QAAQ;AAClD,UAAI,CAAC,YAAY,SAAS;AACxB,cAAM,IAAI,uBAAuB,gBAAgB,YAAY,KAAK,CAAC;AAAA,MACrE;AACA,aAAO,KAAK,QAAQ,YAAY,MAAM,GAAG;AAAA,IAC3C;AAAA,EACF;AAGA,WAAS,IAAI,KAAK,MAAM,KAAkC;AAC1D,SAAO;AACT;AAGO,SAAS,aAAa,MAAiD;AAC5E,SAAO,SAAS,IAAI,IAAI;AAC1B;AAGO,SAAS,2BAAqD;AACnE,SAAO,CAAC,GAAG,SAAS,KAAK,CAAC;AAC5B;AAGO,SAAS,yBAA+B;AAC7C,WAAS,MAAM;AACjB;","names":[]}
|
|
@@ -216,16 +216,16 @@ import {
|
|
|
216
216
|
} from "./chunk-OADWQ5CR.js";
|
|
217
217
|
import {
|
|
218
218
|
EngramAccessHttpServer
|
|
219
|
-
} from "./chunk-
|
|
219
|
+
} from "./chunk-S2OU5DZY.js";
|
|
220
220
|
import {
|
|
221
221
|
WearablesInputError
|
|
222
222
|
} from "./chunk-7WV3F5DQ.js";
|
|
223
223
|
import {
|
|
224
224
|
EngramMcpServer
|
|
225
|
-
} from "./chunk-
|
|
225
|
+
} from "./chunk-473JIN2U.js";
|
|
226
226
|
import {
|
|
227
227
|
EngramAccessService
|
|
228
|
-
} from "./chunk-
|
|
228
|
+
} from "./chunk-FUCUR2OZ.js";
|
|
229
229
|
import {
|
|
230
230
|
WorkStorage
|
|
231
231
|
} from "./chunk-GDB4J2H3.js";
|
|
@@ -2264,7 +2264,8 @@ async function runAccessMcpServeCliCommand(service, options = {}) {
|
|
|
2264
2264
|
emitLegacyTools: options.emitLegacyTools
|
|
2265
2265
|
}) ?? new EngramMcpServer(service, {
|
|
2266
2266
|
principal: options.principal,
|
|
2267
|
-
emitLegacyTools: options.emitLegacyTools
|
|
2267
|
+
emitLegacyTools: options.emitLegacyTools,
|
|
2268
|
+
codingDecisionVisible: service.decisionRecordSurfaceVisible
|
|
2268
2269
|
});
|
|
2269
2270
|
await server.runStdio(options.stdin ?? process.stdin, options.stdout ?? process.stdout);
|
|
2270
2271
|
return { ok: true };
|
|
@@ -7310,4 +7311,4 @@ export {
|
|
|
7310
7311
|
listMemoryMarkdownFilePaths,
|
|
7311
7312
|
registerCli
|
|
7312
7313
|
};
|
|
7313
|
-
//# sourceMappingURL=chunk-
|
|
7314
|
+
//# sourceMappingURL=chunk-QVMXQGT7.js.map
|